Commonwealth Bank of Australia—in the Midst of a Money-laundering Scandal

December 20, 2017

By Phillip Mann, International Banker

On November 15, the Commonwealth Bank of Australia (CBA) held its annual general meeting (AGM), during which a small but notable protest vote emerged against the bank’s board appointments and executive remunerations. While the vote was not enough to warrant a mandatory board spill—the remuneration report still managed to gain 91.4 percent support, and the weakest majority vote among the four new director appointees to the board received 84 percent—it signalled that a considerable degree of discontent had emerged during a year in which the Australian stock market’s biggest company has had to face lawsuits over allegations that it breached anti-money-laundering and terrorism-financing rules.

Indeed, the AGM followed revelations back in August that CBA had been sued by the Australian Transaction Reports and Analysis Centre (AUSTRAC)—the government’s financial-crime agency—over 53,700 alleged breaches of such laws. The case concerns automated cash-deposit machines—known as “intelligent deposit machines”—that were introduced by CBA in 2012 and which allow customers to anonymously deposit and transfer cash, even when banks are closed. The machines count the cash and then instantly credit the designated recipient; they also allow for up to A$20,000 per deposit to be anonymously placed in recipient accounts, which can then be transmitted to offshore destinations.

AUSTRAC contends that such machines were predominantly used by four money-laundering syndicates, three of which have ties to drug-importation and distribution networks. The syndicates were able to anonymously deposit and transfer cash, with one operation seeing more than $21 million being deposited into 11 CBA accounts between February 2015 and May 2016. Indeed, it is believed that the bank failed to report suspicious transactions totalling more than A$624 million ($497 million) that were transmitted through this network of deposit machines. While banks are required to flag transactions in excess of US$10,000 within 10 business days, CBA reportedly failed to deliver such reports for a period spanning three years. According to AUSTRAC, therefore, CBA failed to assess the money-laundering and terrorism-financing risks of those machines, and thus failed to sufficiently meet its transaction-monitoring requirements. It has thus filed 83 allegations concerning suspicious transaction reports and 19 allegations regarding customer due diligence. Moreover, the maximum penalty for each of CBA’s 53,700 breaches is up to $18 million, which means that the lender could end up being footed with a potentially massive financial obligation of nearly A$1 trillion if found guilty.

According to AUSTRAC’s court filing, CBA’s conduct during this matter “has exposed the Australian community to serious and ongoing financial crime”, with the crime unit adding that the delays in the case have also led to “lost intelligence and evidence, including CCTV footage, further money laundering and lost proceeds of crime”. The bank also allegedly failed to act despite receiving a clear warning from the Australian federal police, which advised in late 2015 that numerous accounts “were connected with an investigation into serious criminal offences, including ‘drug import and unlawful processing of money’”, AUSTRAC claimed.

In addition to AUSTRAC’s case, CBA also faces a shareholder class-action lawsuit, which alleges that the lender knew of the allegations but did not disclose them to shareholders prior to a drastic drop in the lender’s share price. In total, the bank failed to adequately report unusual transactions totalling more than A$77million. The lawsuit thus centres on the bank’s lack of disclosure of the AUSTRAC allegations to the Australian Stock Exchange, which the board admitted it knew of in the second half of 2015 but on which it made its first public comment only in August 2017 when AUSTRAC’s legal action was confirmed. The concurrent drop in share price during early August was, according to Andrew Watson, the national head of class actions at law firm Maurice Blackburn, “in the top one percent of price movements that CBA experienced in the past five years, making it apparent that the news was of material significance to shareholders”.

In response to the allegations, CBA admitted in mid-December to some failings with respect to reporting on time to the authorities, a failure which it describes in legal filings as one “that deprived law enforcement of some additional intelligence”. The bank also cites systems-related glitches as being behind the problem rather than any nefarious actions taken internally, which in turn suggests that it is aiming for the thousands of failures to be considered as one single breach of the law, thus minimising the ultimate penalty imposed on the bank. While the case remains ongoing, moreover, CBA has cut bonuses for its executives and initiated an overhaul at board level. The bank’s CEO, Ian Narev, will also be stepping down from his position at the end of the financial year. “We let down our stakeholders and, regardless of the ins and outs of the legal claim, I am sorry for that as the chief executive,” Mr Narev recently admitted, adding that he takes accountability for the scandal.

Additionally, CBA has now put in place measures to prevent its personal customers from depositing more than $20,000 per day at the bank’s ATMs. This means that the new limit will apply irrespective of how many deposit transactions are made in a day. According to the bank, this new measure “is another important step in the management of money-laundering risks. It strikes a balance between addressing our obligation and commitment to prevent financial crime and meeting our customers’ legitimate banking needs”. Nonetheless, the bank’s position remains clear with regards to the bulk of the claims—that most of the breaches were due to software errors. It also refuses to accept AUSTRAC’s contention that the bank’s failures equate to eight separate contraventions of the law, and denies the suspicious-transaction and due-diligence allegations. Indeed, CBA Chair Catherine Livingstone recently stated that the allegations made by AUSTRAC did not suggest that any of the bank’s employees had acted maliciously, nor had the bank acted deliberately to flaunt AUSTRAC laws.

The allegations have also had some wider-reaching consequences, with the government in December deciding to implement a law that requires bitcoin exchanges operating in the country to register with AUSTRAC. The move is a direct result of growing concern from Parliament that financial crime in the country needs to be brought under control following CBA’s alleged violations.

According to CBA, AUSTRAC had indicated it will file more allegations of legal breaches, which in turn would very likely cause the bank to update its own legal defence. It will also make clear to the court that it has taken specific steps over the last few years to strengthen its compliance against financial crime. Nonetheless, the bank faces much criticism from shareholders, regulators and politicians over its conduct, to the extent that a public inquiry into the bank’s misconduct was finally agreed upon in November. The case remains ongoing.